bb0372354704c448e4008fba061794d0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

bb0372354704c448e4008fba061794d0N.exe
Size

102KB
MD5

bb0372354704c448e4008fba061794d0
SHA1

34fcc44d987b657b000a9b6c2b8c28a031e803c5
SHA256

a86522c4a0bb4f621c133240f289a4c7ac44b8e559369abd802febd1abebbe54
SHA512

a82319f8d3aa586e0e313ceb7afea8a55c8fc8453f82a0bac87096d86a713e2fca4b57abf7616b54b4e9b0f1436498e308061ebae1dcb88d44843278da824daa
SSDEEP

3072:feiThmdGEIBs6+JbCvHyY5Pcc0DnLnjisQaWh+AyL:feiThmdc4ayqbgiIWsAyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb0372354704c448e4008fba061794d0N.exe

Files

bb0372354704c448e4008fba061794d0N.exe
.dll windows:6 windows x86 arch:x86

14238618e650391a216444521b0be8a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\f239b39ee858ff87\Release\GoldenFrogWFP.pdb

Imports

msvcr110

_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
_lock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??0exception@std@@QAE@XZ
vsprintf_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??_V@YAXPAX@Z
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_unlock
memmove
??2@YAPAXI@Z
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
_CxxThrowException
__CxxDetectRethrow
__CxxUnregisterExceptionObject
??0exception@std@@QAE@ABQBD@Z
printf
_cexit
__FrameUnwindFilter

kernel32

GetTickCount64
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
Sleep
EncodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId

msvcp110

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

fwpuclnt

FwpmFreeMemory0
FwpmGetAppIdFromFileName0
FwpmSubLayerDeleteByKey0
FwpmProviderDeleteByKey0
FwpmEngineClose0
FwpmEngineOpen0
FwpmProviderAdd0
FwpmSubLayerAdd0
FwpmTransactionBegin0
FwpmProviderContextAdd1
FwpmCalloutAdd0
FwpmFilterAdd0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmFilterDeleteById0
FwpmCalloutDeleteByKey0
FwpmProviderContextDeleteByKey0

mscoree

_CorDllMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14238618e650391a216444521b0be8a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr110

kernel32

msvcp110

fwpuclnt

mscoree

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB